Lucene search
K

269 matches found

Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.4 views

PT-2025-16401

Name of the Vulnerable Software and Affected Versions: Oracle Commerce Platform versions 11.3.0 through 11.3.2 Description: The issue allows a low-privileged attacker with network access via HTTP to compromise the Oracle Commerce Platform. Successful attacks require human interaction from a perso...

5.5CVSS6.4AI score0.00173EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/04/14 12:0 a.m.5 views

PHPSHE 注入漏洞

PHPSHE is a set of online shopping mall system of China Lingbao Jane Hao Network Technology PHPSHE company. The system supports express tracking, online chat, order evaluation and statistics and other functions. PHPSHE 1.8 version of the existence of injection vulnerability, the vulnerability ste...

9.8CVSS6.9AI score0.00458EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/04/11 3:58 p.m.19 views

CVE-2025-32378

Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...

6.9CVSS6.7AI score0.0029EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/09 3:37 p.m.57 views

CVE-2025-32378 Shopware's default newsletter opt-in settings allow for mass sign-up abuse

Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...

6.9CVSS0.0029EPSS
Exploits0References1
OSV
OSV
added 2025/03/19 3:57 p.m.10 views

CVE-2025-30152 Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal...

6.5CVSS6.4AI score0.00323EPSS
Exploits0References4
NVD
NVD
added 2025/03/17 2:15 p.m.11 views

CVE-2025-29788

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

6.5CVSS0.00464EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/03/17 1:25 p.m.8 views

CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

6.5CVSS6.2AI score0.00464EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2025/03/10 12:0 a.m.7 views

The vulnerability of the software platform for developing and managing Adobe Commerce B2B platforms, related to lack of access control, allows a hacker to bypass existing security restrictions and gain unauthorized access to protected information.

The vulnerability of the software platform for developing and managing Adobe Commerce B2B is related to lack of access control. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions and gain unauthorized access to protected information...

6.8CVSS5.4AI score0.00739EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/03/03 12:0 a.m.6 views

zz 安全漏洞

zz is an e-commerce platform for zj1983 individual developers. A security vulnerability exists in zz 2024-8 and prior versions that stems from improper authorization...

8.8CVSS6.5AI score0.0047EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/03/02 12:0 a.m.4 views

Mini-Tmall 跨站脚本漏洞

Mini-Tmall is Mini-Tmall open source Spring Boot based on a comprehensive B2C e-commerce platform . Used to build an e-commerce platform to provide commodity trading services. A cross-site scripting vulnerability exists in Mini-Tmall 20250211 and previous versions. Attackers can use the...

5.4CVSS4AI score0.00335EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/03/02 12:0 a.m.5 views

zz 注入漏洞

zz is an e-commerce platform for zj1983 individual developers. An injection vulnerability exists in zz 2024-8 and prior versions, which stems from SQL injection and could lead to remote code execution...

8.8CVSS7.5AI score0.00485EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/03/02 12:0 a.m.4 views

zz 注入漏洞

zz is an e-commerce platform for zj1983 individual developers. An injection vulnerability exists in zz 2024-8 and prior versions, which stems from SQL injection and could lead to remote code execution...

9.8CVSS7.5AI score0.00501EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/03/02 12:0 a.m.4 views

zz 注入漏洞

zz is an e-commerce platform for zj1983 individual developers. An injection vulnerability exists in zz 2024-08 and prior versions, which stems from SQL injection and could lead to remote code execution...

8.8CVSS7.5AI score0.00554EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/03/02 12:0 a.m.5 views

zz 代码问题漏洞

zz is an e-commerce platform for zj1983 individual developers. A code issue vulnerability exists in zz 2024-8 and prior versions, which stems from unrestricted file uploads and could lead to remote code execution...

9.8CVSS7.1AI score0.00584EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/03/02 12:0 a.m.7 views

zz 注入漏洞

zz is an e-commerce platform for zj1983 individual developers. An injection vulnerability exists in zz 2024-8 and prior versions, which stems from SQL injection and could lead to remote code execution...

9.8CVSS7.5AI score0.00501EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.5 views

SAP Commerce 跨站请求伪造漏洞

SAP Commerce is a suite of cloud-based e-commerce platforms from Germany's SAP. It supports sales management, marketing management, order management and operations management. A cross-site request forgery vulnerability exists in SAP Commerce, which stems from a misconfiguration that can lead to...

6.8CVSS6.5AI score0.00169EPSS
Exploits0References1
CNVD
CNVD
added 2024/11/12 12:0 a.m.7 views

SQL Injection Vulnerability in UFIDA NC of UFIDA Network Technology Co.

UFIDA NC is a large erp enterprise management system and e-commerce platform. A SQL injection vulnerability exists in UFIDA NC, which can be exploited by attackers to obtain sensitive database information...

7.8AI score
Exploits0
CNNVD
CNNVD
added 2024/08/13 12:0 a.m.5 views

SAP Commerce 信息泄露漏洞

SAP Commerce is a set of cloud-based e-commerce platforms from Germany's SAP. It supports sales management, marketing management, order management, and operations management. An information disclosure vulnerability exists in SAP Commerce that stems from the ability to recognize valid accounts...

5.3CVSS6.1AI score0.00312EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/08/08 2:55 p.m.48 views

CVE-2024-42357 Shopware vulnerable to blind SQL-injection in DAL aggregations

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...

7.3CVSS0.00602EPSS
Exploits0References5
OSV
OSV
added 2024/08/08 2:52 p.m.18 views

CVE-2024-42356 Shopware vulnerable to Server Side Template Injection in Twig using Context functions

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the context variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a...

8.3CVSS6.7AI score0.00648EPSS
Exploits0References7
Rows per page
Query Builder